1. Field of the Invention
The present invention relates to a receiving apparatus and a method for controlling the same.
2. Description of the Related Art
Digital content can be easily copied (duplicated) without degrading image quality, which may cause a serious problem, such as the infringement of copyrights and illegal circulation of content. In view of this, a receiving system having enhanced protective measures for copyrights has been adopted in digital broadcasting that is in current operation. For example, content transmitted via a digital broadcast signal (broadcast wave) is scrambled (encrypted), and only a receiving apparatus that is authorized based on a viewing contract can descramble (decrypt) the content. In order to realize such a receiving system, a conditional access system has been generally adopted.
In the conditional access system, it is important to specify an authorized receiving apparatus, scramble content so that the content is securely transmitted, and allow only an authorized receiving apparatus to properly descramble the scrambled content. Here, an authorized receiving apparatus is a receiving apparatus that is considered to have functions (capabilities) that do not violate copyright protection, and has an authorized viewing contract.
At present, in order to specify an authorized receiving apparatus and to realize secured transmission and reception of content, a conditional access system (CAS) in which an IC card is used has been adopted. Since an IC card includes an ID number unique to the card, and information on a master key necessary for descrambling content, an authorized receiving apparatus can be specified using the information included in this IC card. Note that content is encrypted with three keys including information on a master key, and can be viewed only with an authorized receiving apparatus.
Preparation for practical use of a conditional access system in which an IC card is not used is also progressing, and a new content protection system (hereafter referred to as a “new RMP system”) has been recently standardized (see the Association of Radio Industries and Businesses standard “Conditional Access System Specifications for Digital Broadcasting” (ARIB STD B-25 Ver5.1) Part 3 “Reception Control System”).
In the new RMP system, since an IC card is not used, key information is encrypted, included in an EMM (Entitlement Management Message), and transmitted via a broadcast signal. An EMM is data used for transmitting information on a device ID, and mainly for transmitting a device key that has a device ID added thereto for identifying an EMM and that is allocated to receiving apparatuses on a model-by-model basis. A receiving apparatus extracts key information (information on a device key) corresponding to a device ID from an EMM. A device key (information on a device key) included in the EMM is encrypted, and the receiving apparatus generates a device key by applying a specific device key generation procedure. Note that a device key generation procedure refers to, for example, software for executing a certain algorithm so as to generate a device key, or hardware for performing a certain process so as to generate a device key.
Content is encrypted with three keys, and in order to descramble such content, a work key and a scrambling key are necessary in addition to a device key. A work key is encrypted using a device key, included in an EMM, and transmitted via a broadcast signal. A scrambling key is encrypted using a work key, included in an ECM (Entitlement Control Message), and transmitted via a broadcast signal. Note that an ECM is data used for transmitting information common to all the receiving apparatuses, and mainly for transmitting a scrambling key for a scrambled broadcast, and information on a program. Therefore, in the new RMP system, only an authorized receiving apparatus sequentially decrypts an encryption key and content using a device key first, which enables viewing of content.
Furthermore, in the new RMP system, when a device key (information on a device key) is leaked and abused for copyright infringement and the like, the key information included in an EMM is updated (called “revoked”). Accordingly, the leaked device key (the information on the leaked device key) cannot be used, and therefore content can be securely transmitted again after key information is updated.
However, when a device key generation procedure is leaked, even if key information included in an EMM is updated, the updated device key will be generated by applying the device key generation procedure. Therefore, when a device key generation procedure is leaked, the EMM for the model targeted for revocation is updated to an EMM with which a device key cannot be generated using the leaked device key generation procedure. Accordingly, the model targeted for revocation cannot generate a device key, and therefore content cannot be viewed. Note that in order to enable viewing of content, it is sufficient that a device key generation procedure is updated to a further secure procedure that is not readily leaked. For example, as a technique for updating key generation software in a receiving apparatus, Japanese Patent Laid-Open No. 2006-129244 proposes a technique with which key generation software cannot be updated in receiving apparatuses other than an authorized receiving apparatus (that is, unauthorized receiving apparatuses).
On the other hand, receiving apparatuses have also been practically used in which content of a digital broadcast is stored (recorded) in a recording apparatus such as a hard disk, so that such content can be repeatedly viewed (reproduced). With current digital broadcasting, MPEG-2 (Moving Picture Experts Group) systems have been adopted, and the transport stream (TS) is used. Streams, such as video, audio, data for data broadcasting, transmission-control information, and reception-control information, are divided in units of TS packet transmission and included in TS packets, and are transmitted using time division multiplexing. When such TS data is stored in a recording apparatus, if the TS data is stored as is, it is possible to store the data without degrading image quality.
When TS data that has not been descrambled is stored (recorded), such TS data has a function for protecting copyright equivalent to that of a broadcast signal. Note that even in a case such as a case where TS data cannot be descrambled since key information is not provided or the like, it is possible to store TS data that is not descrambled.
In order to reproduce TS data that is stored (recorded) in a recording apparatus and is not descrambled (recorded TS data), similar to the case of viewing a broadcast signal, it is necessary to descramble the recorded TS data. At this time, an EMM and an ECM that are included in the recorded TS data are extracted, and a device key, a work key, and a scrambling key are decrypted.
However, in the new RMP, when a device key generation procedure is updated, TS data recorded before the device key generation procedure was updated cannot be descrambled, and therefore it is impossible to view content even with an authorized receiving apparatus. This is because a device key generation procedure from after the update is applied to an EMM included in the recorded TS data, and therefore a device key cannot be generated, or a device key is invalid even if a device key can be generated.